I am trying to use the DotNetOpenId library to add OpenID support on a test website. For some reason it keeps giving me the following error when running on Firefox. Keep in mind that I am using localhost as I am testing it on my local machine.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using DotNetOpenAuth.OpenId.Extensions.ProviderAuthenticationPolicy;
using DotNetOpenAuth.OpenId.Extensions.SimpleRegistration;
using DotNetOpenAuth.OpenId.RelyingParty;

namespace TableSorterDemo
{
    public partial class Login : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            var openid = new OpenIdRelyingParty();
            if (openid.GetResponse() != null)
            {
                switch (openid.GetResponse().Status)
                {
                    case AuthenticationStatus.Authenticated:
                        var fetch = openid.GetResponse().GetExtension(typeof(ClaimsResponse)) as ClaimsResponse;
                        var nick = fetch.Nickname;
                        var email = fetch.Email;
                        break;
                }
            }
        }

        protected void OpenIdLogin1_LoggedIn(object sender, OpenIdEventArgs e)
        {
            var openid = new OpenIdRelyingParty();
            if (openid.GetResponse() != null)
            {
                switch (openid.GetResponse().Status)
                {
                    case AuthenticationStatus.Authenticated:
                        var fetch = openid.GetResponse().GetExtension(typeof(ClaimsResponse)) as ClaimsResponse;
                        var nick = fetch.Nickname;
                        var email = fetch.Email;
                        break;
                }
            }
        }

        protected void OpenIdLogin1_LoggingIn(object sender, OpenIdEventArgs e)
        {
            var openid = new OpenIdRelyingParty();
            var req = openid.CreateRequest(OpenIdLogin1.Text);
            var fetch = new ClaimsRequest();
            fetch.Email = DemandLevel.Require;
            fetch.Nickname = DemandLevel.Require;
            req.AddExtension(fetch);
            req.RedirectToProvider();
            return;
        }
    }
}
Also, if I run the same page in Chrome then I get the following:
Login failed: This message has already been processed. This could indicate a replay attack in progress.
The replay attack detection results from you calling GetResponse() twice. You must not do that. Instead, assign the result of just one call to GetResponse() to a local variable, and then check it against null and use it otherwise.
Regarding your "No OpenID endpoint found" error, are you testing against a localhost OpenID as well or an OpenID hosted by an external party like Yahoo?
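The single-call pattern described in the answer above, as an added example (not code from the original posts or from DotNetOpenAuth itself). `OpenIdCallback` and `LoginOutcome` are hypothetical names; the library calls are the ones already used in the question.

```csharp
using System;
using DotNetOpenAuth.OpenId.Extensions.SimpleRegistration;
using DotNetOpenAuth.OpenId.RelyingParty;

// Added example. OpenIdCallback and LoginOutcome are hypothetical names.
public sealed class LoginOutcome
{
    public bool Authenticated;
    public string ClaimedId, Nickname, Email, Error;
}

public static class OpenIdCallback
{
    // Call once per request. Returns null when the request is not a
    // provider callback (for example, the first visit to the login page).
    public static LoginOutcome Process(OpenIdRelyingParty openid)
    {
        // Single call: the result is kept in a local and reused below, so the
        // same assertion is never processed twice and replay detection stays quiet.
        IAuthenticationResponse response = openid.GetResponse();
        if (response == null)
            return null;

        switch (response.Status)
        {
            case AuthenticationStatus.Authenticated:
                // The provider may not return the Simple Registration data,
                // so the extension itself can be null.
                var claims = response.GetExtension<ClaimsResponse>();
                return new LoginOutcome
                {
                    Authenticated = true,
                    ClaimedId = response.ClaimedIdentifier.ToString(),
                    Nickname = claims != null ? claims.Nickname : null,
                    Email = claims != null ? claims.Email : null
                };
            case AuthenticationStatus.Canceled:
                return new LoginOutcome { Error = "Sign-in was cancelled at the provider." };
            case AuthenticationStatus.Failed:
                // Log response.Exception server-side; show the user a generic message.
                return new LoginOutcome { Error = "Sign-in failed." };
            default:
                return new LoginOutcome { Error = "Unexpected status: " + response.Status };
        }
    }
}
```

Call `Process` from one place per request: the code in the question reads the response in both `Page_Load` and the `LoggedIn` handler.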
In my case, as I was using a proxy to connect to the internet, I resolved it by adding the following configuration to the web.config.
<system.net>
    <defaultProxy useDefaultCredentials="true">
        <proxy autoDetect="True" usesystemdefault="True" />
    </defaultProxy>
</system.net>
It's worth noting that the 'No OpenID endpoint found' error message may not be a true description of what the issue is.
For me, it was because I was using my Gmail email address, but actually you need to create an OpenID account; you will then get an ID in the format .myopenid.com/
Enter that ID into the form and it should work correctly.
Check the web.config in your client app.
There is a section
<!-- Uncomment to enable communication with localhost (should generally not activate in production!) -->
<!--<add name="localhost" />-->
So as it says - uncomment to
<add name="localhost" />
I have an instance of AD/LDS running on my machine and I'm trying to connect to it using the System.DirectoryServices.Protocols.LdapConnection class. For some reason every time I call the Bind() method it throws an LdapException complaining about invalid credentials.
Here's the code I'm using to set up the connection:
var ldapDirectoryIdentifier = new LdapDirectoryIdentifier(config.Server.Host, config.Server.Port);
var creds = new NetworkCredential(config.Credentials.Username, config.Credentials.Password)
{
    Domain = config.Credentials.
};
ldapConnection = new LdapConnection(ldapDirectoryIdentifier, creds, AuthType.Basic);
if (config.Server.Secure)
{
    cert = new X509Certificate(config.Server.Certificate);
    ldapConnection.SessionOptions.SecureSocketLayer = true;
    ldapConnection.SessionOptions.VerifyServerCertificate = CheckCertificate;
}
ldapConnection.SessionOptions.ProtocolVersion = 3;
try
{
    ldapConnection.Bind();
}
catch (LdapException e)
{
    Log.LogException(e);
    Environment.Exit(e.ErrorCode);
}
The configuration is coming from an App.config file as in the following example:
<server host="host" port="389"/>
<credentials username="username" password="password" domain="domain"/>
<usersearch base="ou=test,dc=test,dc=com" filter="(middlename=user)" objectclass="inetorgperson"/>
<devicesearch base="ou=test,dc=test,dc=com" filter="(sn=device)" objectclass="inetorgperson"/>
I've tried modifying the credentials part to get it connecting; setting username="DOMAIN\user", with and without the domain entry to credentials. I've tried messing with the connection strings, e.g. <server host="LDAP://host[:389]"/>. It just says the credentials, which I use to connect to the instance with both ADSI Edit and ldp, are invalid.
I CAN connect with the same domain credentials (local user account) using System.DirectoryServices.DirectoryEntry so I suspect it's the AD bit of AD/LDS being picky.
Anyone got any ideas?
It's probably on the session option. Try to force authentication type:
ldapConnection.AuthType = AuthType.Negotiate;
It may also be the way you handle the certificate. Try to add it this way:
ldapConnection.ClientCertificates.Add(cert);
I went ahead and double checked what AuthTypes were available and setting it to Ntlm works.
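An added example (not from the original posts) that puts the pieces of this thread together: the bind type is chosen explicitly, as in the answer and the follow-up, and the session is protected either by SSL with a server-certificate check or by signing and sealing. `LdsBinder` and its parameters are hypothetical names; the hash comparison is one possible body for a callback such as `CheckCertificate`, whose code the question does not show.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Cryptography.X509Certificates;

// Added example. LdsBinder and its parameters are hypothetical names.
public static class LdsBinder
{
    // Pass pinnedServerCert to use SSL; pass null for a plain connection.
    public static LdapConnection Bind(string host, int port, NetworkCredential creds,
                                      AuthType authType, X509Certificate pinnedServerCert)
    {
        bool useSsl = pinnedServerCert != null;

        // AuthType.Basic is an LDAP simple bind: the password crosses the wire
        // as-is, so refuse it unless the session is wrapped in SSL.
        if (authType == AuthType.Basic && !useSsl)
            throw new InvalidOperationException("Basic bind requires an SSL session.");

        var connection = new LdapConnection(new LdapDirectoryIdentifier(host, port));
        connection.SessionOptions.ProtocolVersion = 3;
        connection.AuthType = authType;   // e.g. AuthType.Negotiate or AuthType.Ntlm
        connection.Credential = creds;

        if (useSsl)
        {
            connection.SessionOptions.SecureSocketLayer = true;
            // Accept only the expected server certificate (hash comparison).
            connection.SessionOptions.VerifyServerCertificate = (conn, presented) =>
                string.Equals(presented.GetCertHashString(),
                              pinnedServerCert.GetCertHashString(),
                              StringComparison.OrdinalIgnoreCase);
        }
        else
        {
            // No SSL: have the negotiated security layer sign and encrypt traffic.
            connection.SessionOptions.Signing = true;
            connection.SessionOptions.Sealing = true;
        }

        try { connection.Bind(); return connection; }
        catch (LdapException) { connection.Dispose(); throw; }
    }
}
```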
I'm using this course, which is very interesting, but I have a problem.
http://www.asp.net/web-api/overview/security/individual-accounts-in-web-api
I get a certificate error, but I understand why this problem occurs. This certificate should be connected to the name of my computer. I don't understand how he built this certificate and how to fix this issue.
Here is the important code. What do I have to do to solve this problem with the certificate name?
using System;
using System.Net;
using System.Net.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

namespace LocalAccountsApp.Filters
{
    public class RequireHttpsAttribute : AuthorizationFilterAttribute
    {
        public int Port { get; set; }

        public RequireHttpsAttribute()
        {
            Port = 443;
        }

        public override void OnAuthorization(HttpActionContext actionContext)
        {
            var request = actionContext.Request;
            if (request.RequestUri.Scheme != Uri.UriSchemeHttps)
            {
                var response = new HttpResponseMessage();
                if (request.Method == HttpMethod.Get || request.Method == HttpMethod.Head)
                {
                    var uri = new UriBuilder(request.RequestUri);
                    uri.Scheme = Uri.UriSchemeHttps;
                    uri.Port = this.Port;
                    response.StatusCode = HttpStatusCode.Found;
                    response.Headers.Location = uri.Uri;
                }
                else
                {
                    response.StatusCode = HttpStatusCode.Forbidden;
                }
                actionContext.Response = response;
            }
            else
            {
                base.OnAuthorization(actionContext);
            }
        }
    }
}
That error is correct. The certificate you're using was signed by itself, for the domain localhost. Since it's not signed by a trusted certificate root (such as Verisign, for example), your browser warns you that the certificate is not valid and therefore the site may be illegitimate.
The error should not be causing problems with functionality, and when you deploy to production, you should get a trusted certificate signed for the domain you're deploying to.
You're not going to get anyone to sign a certificate for the domain localhost, but if the error bothers you, you can add the certificate you're using to the list of trusted root certificates by using MMC, as described in this TechNet article.
Currently working on an app that is connecting to Azure Mobile Services, and needs to require a Microsoft Account to authenticate.
I have been following this guide:
http://azure.microsoft.com/en-us/documentation/articles/mobile-services-dotnet-backend-windows-universal-dotnet-get-started-users/
Unfortunately, I have run into this error: "Only https scheme is allowed." and I am not entirely sure how to fix it.
Screenshot of error: http://i.stack.imgur.com/hod9i.png
My code is as follows and comes from the guide listed above.
private async void executiveLoginBtn_Click(object sender, Windows.UI.Xaml.RoutedEventArgs e)
{
    await AuthenticateAsync();
}

// Define a member variable for storing the signed-in user.
private MobileServiceUser user;

// Define a method that performs the authentication process
// using a Microsoft account sign-in.
private async System.Threading.Tasks.Task AuthenticateAsync()
{
    while (user == null)
    {
        string message;
        try
        {
            // Change 'MobileService' to the name of your MobileServiceClient instance.
            // Sign in using Microsoft account authentication.
            user = await App.MobileService
                .LoginAsync(MobileServiceAuthenticationProvider.MicrosoftAccount);
            message =
                string.Format("You are now signed in - {0}", user.UserId);
        }
        catch (InvalidOperationException)
        {
            message = "You must log in. Login Required";
        }
        var dialog = new MessageDialog(message);
        dialog.Commands.Add(new UICommand("OK"));
        await dialog.ShowAsync();
    }
}
The error also says "WinRT Information: URI Scheme is not https" - so how could I go about making the URI scheme https or otherwise fixing this error when authenticating to Azure Mobile Services?
1) Select the local MobileService project in Solution Explorer.
2) In the Properties window, change SSL Enabled to True.
3) Take note of the SSL URL and use that address to initialize the MobileServiceClient object in your client application.
How I fixed the error is as follows:
SSL Enabled to True.
http://azure.microsoft.com/en-us/documentation/articles/mobile-services-how-to-register-microsoft-authentication/
Input to Redirect URL
App.xaml.cs
public static MobileServiceClient MobileService = new MobileServiceClient("http://service.azure-mobile.net/", "---------------------");
Change to
public static MobileServiceClient MobileService = new MobileServiceClient("https://service.azure-mobile.net/", "---------------------");
I'm developing a web application. For the security of the users' information I need an HTTPS connection. I'm developing this locally at the moment. I have followed the tutorial on: http://weblogs.asp.net/dwahlin/archive/2009/08/25/requiring-ssl-for-asp-net-mvc-controllers.aspx
When I build my project the page loads but the URL is: http://...
In my code I have placed:
[RequiresSSL]
public ActionResult Index()
{
    //var model = Adapter.EuserRepository.GetAll();
    return View(db.Eusers.ToList());
}
Code from the site:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

namespace extranet.Helpers
{
    public class RequiresSSL: ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            HttpRequestBase req = filterContext.HttpContext.Request;
            HttpResponseBase res = filterContext.HttpContext.Response;
            //Check if we're secure or not and if we're on the local box
            if (!req.IsSecureConnection && !req.IsLocal)
            {
                var builder = new UriBuilder(req.Url)
                {
                    Scheme = Uri.UriSchemeHttps,
                    Port = 443
                };
                res.Redirect(builder.Uri.ToString());
            }
            base.OnActionExecuting(filterContext);
        }
    }
}
What am I missing that the URL isn't HTTPS based? Is this because I'm working locally?
Thanks in advance
Your filter checks to see if the request is local with this statement: && !req.IsLocal. If it is, then it doesn't redirect. If you remove that statement then you'll be required to access the action via HTTPS regardless if you're local or not.
When I remove that piece of code then I get a 401 - can't make connection with the server localhost, but the link is https now.
Removing that part of the code is only part of the solution to your problem. Going back to your original question of "how you can use https" then you need to enable it using this guide.
I am calling a web service in my PHP page. The web services are in C#. When I try to call a method using a SoapClient object, it shows me an error like:
System.NullReferenceException: Object reference not set to an instance of an object.
The code I use to call Web service method is :
$Username = "username";
$Password = "password";
$LifetimeRequest = 60*60*24;
$soap_data = array(
    'Username' => $Username,
    'Password' => $Password,
    'LifetimeRequest' => $LifetimeRequest
);
$client = new SoapClient('http://50.56.173.161:8502/AdomniService.svc?wsdl');
$response = $client->ClientLogin($soap_data);
var_dump($response);
When I use var_dump it shows output like:
object(stdClass)#2 (1) {
  ["ClientLoginResult"]=>
  object(stdClass)#3 (3) {
    ["Error"]=>
    object(stdClass)#4 (5) {
      ["Private"]=>
      float(2)
      ["Public"]=>
      int(1)
      ["Details"]=>
      string(284) "System.NullReferenceException: Object reference not set to an instance of an object.
at Adomni.AdomniService.ClientLogin(ClientLoginRequest request) in C:\Users\megiddo\Documents\Visual Studio 2010\Projects\Adomni\AdOmniAPIService\AdomniService\AdomniClientService.svc.cs:line 107"
      ["ErrorCode"]=>
      int(0)
      ["ErrorMessage"]=>
      NULL
    }
    ["Status"]=>
    int(-1)
    ["Token"]=>
    object(stdClass)#5 (8) {
      ["Private"]=>
      float(2)
      ["Public"]=>
      int(1)
      ["EventNotificationUri"]=>
      NULL
      ["IsManager"]=>
      bool(false)
      ["LifetimeRequest"]=>
      int(0)
      ["Password"]=>
      NULL
      ["TokenId"]=>
      int(0)
      ["UserName"]=>
      NULL
    }
  }
}
Can anyone tell me what am I doing wrong here? Thanks in advance.
The code which was used in C# is like:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Web.Security;
using System.IO;
using System.Data;
using AdOmniWebPortal.AdOmniService;

namespace AdOmniWebPortal
{
    public partial class Login : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
        }

        protected void AdOmniLogin_Authenticate(object sender, AuthenticateEventArgs e)
        {
            AdomniServiceClient Client = new AdomniServiceClient();
            LoginRequest LoginRequest = new LoginRequest();
            LoginResponse LoginResponse = new LoginResponse();
            LoginRequest.Username = AdOmniLogin.UserName;
            LoginRequest.Password = AdOmniLogin.Password;
            LoginRequest.LifetimeRequest = 60*60*24;
            //This guy will be changed
            LoginRequest.EventNotificationURL = new Uri("http://herp-a-derp.com/awesome.html");
            LoginResponse = Client.Login(LoginRequest);
            if (LoginResponse.Status == 0)
            {
                System.Web.Security.FormsAuthentication.RedirectFromLoginPage(LoginResponse.Token.UserName, true);
                LifetimeToken token = LoginResponse.Token;
                Session["Token"] = token;
                GetUserRequest request = new GetUserRequest() { Token = token };
                GetUserResponse response = Client.GetUser(request);
                if (response.GetUser.Type == AdOmniService.UserType.Seller)
                {
                    Response.Redirect("~/Pages/Seller/SellerHomeDashboard.aspx");
                }
                if (response.GetUser.Type == AdOmniService.UserType.Client)
                {
                    Response.Redirect("~/Pages/Buyer/BuyerHomeDashboard.aspx");
                }
                if (response.GetUser.Type == AdOmniService.UserType.None)
                {
                    Response.Redirect("~/Pages/Buyer/BuyerHomeDashboard.aspx");
                }
            }
            else
            {
                Response.Redirect("~/Login.aspx");
                Response.Write(LoginResponse.Error.ErrorMessage);
            }
        }
    }
}
I have put the whole .cs page content in Edit.
Use Fiddler (an HTTP debug proxy); that will allow you to peek inside the request being made to the web service (in XML format) so you can see if you are missing anything.
Channel your C# client through Fiddler, and take a look:
http://www.fiddler2.com/fiddler2/
Maybe in your PHP script, you should also set the EventNotificationURL variable.
Take a look at this section in the error response:
["EventNotificationUri"]=>
NULL
Maybe the service expects you to pass in an EventNotificationUri value, just like you pass in the Password, Username and LifetimeRequest.
[EDIT]
Try to change your variable name from Username to UserName. As far as I found out, PHP should be case sensitive in this matter, so "Username" != "UserName"